CVE-2025-61145
Status: Received - Intake
Double Free Vulnerability in libtiff tiffcrop.c Causes Crash

Publication date: 2026-02-23

Last updated on: 2026-02-25

Assigner: MITRE

Description
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Meta Information

  • Published: 2026-02-23
  • Last Modified: 2026-02-25
  • Generated: 2026-06-16
  • AI Q&A: 2026-02-23
  • EPSS Evaluated: 2026-06-15
  • Source: NVD
Affected Vendors & Products

Showing 1 associated CPE

  • Vendor: libtiff; Product: libtiff; Version / Range: to 4.7.1 (exc)
CWE

  • CWE-415: The product calls free() twice on the same memory address.
Executive Summary

CVE-2025-61145 is a double free vulnerability in the libtiff library, located in the component tools/tiffcrop.c and affecting versions up to 4.7.1.

A double free occurs when the same memory block is freed more than once, which corrupts the allocator's state and can lead to memory corruption.

The vulnerability was identified in the code around line 2931 of tools/tiffcrop.c; the corresponding memory allocation happens at line 709.

Impact Analysis

This double free vulnerability can cause memory corruption, which may lead to a crash or denial of service in applications using libtiff.

Additionally, it could potentially allow an attacker to execute arbitrary code by exploiting the corrupted memory state.

Detection Guidance

The vulnerability is a double free in the libtiff tiffcrop tool (tools/tiffcrop.c). Detection consists of checking the version of libtiff installed on your system: versions up to and including 4.7.1 are affected.

Since this is a memory corruption issue in a command-line tool, network-based detection is not applicable. Instead, verify the installed libtiff version using commands such as:

  • On Linux: `tiffcrop -v` or `tiffinfo -v` to check the version of libtiff tools.
  • Alternatively, check the package version with your package manager, for example: `dpkg -l | grep libtiff` on Debian-based systems or `rpm -q libtiff` on RedHat-based systems.

For runtime detection of crashes or abnormal behavior related to this vulnerability, monitor application logs, or run the tiffcrop tool on test TIFF files under a memory checker such as Valgrind and watch for crashes or reported memory errors (an invalid free is the signature of a double free).

Mitigation Strategies

The immediate mitigation is to update libtiff to a version that includes the fix for this vulnerability. The fix was merged into the master branch on September 5, 2025, and addresses both the double free and the associated memory leak.

If updating is not immediately possible, avoid running the vulnerable tiffcrop tool, especially on untrusted TIFF input, or any functionality that reaches the vulnerable code path.

Monitor for any patches or updates from your operating system or libtiff maintainers and apply them as soon as they become available.
